The HHS has prepared a Request for Information (RFI) to find out how HIPAA Rules are obstructing the sharing of patient information and hampering the coordination of patient care.

HHS is seeking public comments on any elements of HIPAA Rules that are discouraging or restricting coordination of patient care and case management among hospitals, doctors, payors and patients.

The RFI is one component of a new initiative named Regulatory Sprint to Coordinated Care. The aim is to eliminate obstacles that are stopping healthcare organizations from sharing patient data, while ensuring privacy and security protections remain in place. The HHS will use the feedback obtained through the RFI as a guide when considering possible improvements to HIPAA Rules to help the healthcare industry switch to coordinated, value-based health care. The RFI was submitted to the Office of Management and Budget for evaluation on November 13, 2018 and it is expected to be authorized this fall.

Identify areas of misunderstanding of HIPAA Rules that should be tackled with further guidance.

HIPAA already allows healthcare providers to disclose patients’ PHI to another healthcare provider for treatment purposes or healthcare operations without patient authorization. However, due to the complexity of HIPAA, some healthcare organizations err on the side of caution and choose not to share health data out of fear of a HIPAA fine.

Simplifying HIPAA Rules and creating a safe harbor for good faith PHI disclosures cold certainly improve patient case management and care coordination. The HHS is willing to establish an environment where patients’ health data may be shared more freely, but there won’t be any changes to the HIPAA Security Rule. Healthcare providers, health insurers, and business associates of HIPAA-covered will still be required to implement appropriate safeguards to manage risks to PHI.

Besides the general request for information (RFI), the HHS is also seeking comments on:

The methods of accounting for PHI disclosures

Patients’ acknowledgment of receipt of a healthcare providers’ notice of privacy practices

Creating a safe harbor for good faith PHI disclosures for patient care coordination or case management

Disclosures of PHI without a patient’s consent for treatment, health care operations and payment